Active Directory Replication

By | July 19, 2009

Active Directory uses a multimaster replication model. In multimaster replication, changes can be made on any DC, and changes made on any DC are replicated to all other DCs. This is why AD is said to use a multimaster model. Windows NT, by contrast, uses a single-master model, in which all changes to objects are controlled by the PDC.

Active Directory uses update sequence numbers (USNs), along with stamps, to track changes made to objects stored in the AD data store. When an object is changed, AD increases the object's USN and assigns the object a unique stamp that contains a version number, a timestamp, and the GUID of the DC on which the change was made.
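As an added illustration, not part of the original post, here is a small Python model of how a per-DC USN counter and the per-change stamp (version number, timestamp, originating DC GUID) let two DCs pull each other's changes and settle a concurrent edit. The DC names, GUIDs, attribute values and timestamps are constructed. The tie-break order used here (higher version wins, then later timestamp, then higher GUID) is the one AD applies and goes a little beyond what the post itself states; the real directory also keeps an up-to-dateness vector per partition, which this model leaves out.

```python
"""Toy model of USN/stamp-based change tracking in a multimaster directory.

Added example, not from the original post. All names, GUIDs and times are
constructed. Real AD additionally tracks an up-to-dateness vector per
partition, which this model omits.
"""
from dataclasses import dataclass
import uuid


@dataclass(frozen=True)
class Stamp:
    """Stamp written by the originating DC and carried along on replication."""
    version: int      # incremented on each originating write to the attribute
    timestamp: int    # originating time (constructed, in seconds)
    dc_guid: str      # GUID of the DC where the change was made

    def wins_over(self, other):
        """AD conflict rule: higher version, then later time, then higher GUID."""
        return (self.version, self.timestamp, self.dc_guid) > (
            other.version, other.timestamp, other.dc_guid)


@dataclass
class Entry:
    value: str
    stamp: Stamp
    local_usn: int  # USN assigned by the DC that holds this replica


class DomainController:
    def __init__(self, name, guid=None):
        self.name = name
        self.guid = guid or str(uuid.uuid4())
        self.usn = 0                # local, monotonically increasing counter
        self.store = {}             # attribute name -> Entry
        self.high_watermark = {}    # partner name -> last partner USN seen

    def _next_usn(self):
        self.usn += 1
        return self.usn

    def write(self, attr, value, now):
        """Originating write: bump the version and stamp with this DC's GUID."""
        old = self.store.get(attr)
        version = old.stamp.version + 1 if old else 1
        self.store[attr] = Entry(value, Stamp(version, now, self.guid), self._next_usn())

    def changes_since(self, usn):
        """What a partner asks for: every entry with a local USN above its watermark."""
        return sorted(
            ((attr, e) for attr, e in self.store.items() if e.local_usn > usn),
            key=lambda item: item[1].local_usn)

    def pull_from(self, partner):
        """Inbound replication from partner; returns the number of entries applied."""
        applied = 0
        for attr, remote in partner.changes_since(self.high_watermark.get(partner.name, 0)):
            local = self.store.get(attr)
            if local is None or remote.stamp.wins_over(local.stamp):
                # keep the originating stamp, but assign a fresh *local* USN
                self.store[attr] = Entry(remote.value, remote.stamp, self._next_usn())
                applied += 1
            # otherwise the local stamp wins and the remote change is dropped
        self.high_watermark[partner.name] = partner.usn
        return applied


def demo():
    """Two DCs edit the same attribute concurrently; both converge on one value."""
    dc1 = DomainController("DC1", guid="11111111-0000-0000-0000-000000000001")
    dc2 = DomainController("DC2", guid="22222222-0000-0000-0000-000000000002")
    dc1.write("description", "initial", now=100)
    dc2.pull_from(dc1)                               # both replicas hold version 1
    dc1.write("description", "from DC1", now=200)    # version 2 on DC1
    dc2.write("description", "from DC2", now=201)    # version 2 on DC2 as well
    dc2.pull_from(dc1)                               # equal versions: later timestamp wins
    dc1.pull_from(dc2)
    return dc1, dc2


if __name__ == "__main__":
    a, b = demo()
    print(a.name, a.store["description"], b.name, b.store["description"])
```

Note that a replicated entry keeps the stamp of the DC where the change originated but gets a new USN from the DC that stores it, which is exactly why each partner tracks a separate high watermark per source.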

Replication Partitions

The information contained in the AD data store is logically separated into three categories, called partitions. Each partition is replicated separately, on a partition-by-partition basis.

· Schema partition: This partition contains the rules that define how objects are created within a forest. The schema partition is replicated to all DCs in the forest.

· Configuration partition: This partition contains information about the logical structure of AD for the entire forest, including the structure and use of domains, trees, sites and trust relationships within the forest. The configuration partition is replicated to all DCs in the forest.

· Domain partition: This partition contains complete, detailed information about every object in the domain. The domain partition is replicated only to the DCs within this domain.

Two types of replication take place in AD: intrasite replication and intersite replication.

Intrasite replication

· Intrasite replication takes place within a single site. This replication type uses RPC over IP. All intrasite replication is sent in an uncompressed format.

Windows 2000 automatically determines which DCs in a site will replicate with other DCs in the site. The Windows 2000 Server service that makes this determination is called the Knowledge Consistency Checker (KCC).

The KCC, which runs on all Windows 2000 DCs, builds a list of connections between DCs within a site, and these connections dictate the path that replication takes between DCs. The list of connections that the KCC generates is called the replication topology.

The KCC ensures that changes made to any object on any DC are replicated to every DC in the site. In addition, an AD update passes through no more than three connections between the DC on which the change is made and any other DC in the site.

By default, intrasite replication takes place once every hour if no changes are made. If changes are made, they are replicated to the partner DCs within five minutes, and to every DC within the site within 15 minutes.

We can configure when scheduled replication takes place, but we cannot schedule update replication.

Intersite Replication

Intersite replication is AD replication that takes place between sites. An administrator must manually create and configure sites and the other AD components before intersite replication will occur. All intersite replication is sent in a compressed format to save network bandwidth.

Two different protocols are used for intersite replication: Remote Procedure Call (RPC) over IP, and Simple Mail Transfer Protocol (SMTP).

RPC over IP is the preferred protocol and requires fully routed TCP/IP connections between sites. RPC over IP is faster than SMTP.

If there are no fully routed TCP/IP connections between sites, SMTP is the only choice. SMTP can also be used when fully routed TCP/IP connections exist between sites (but this is not recommended), or when other protocols that support SMTP (such as X.400) are used between sites. Another reason SMTP is not recommended is that it can only be used to replicate the schema and configuration partitions. We cannot use SMTP to replicate the domain partition.

We can assign a higher or lower cost to a site link. The default cost associated with a new site link is 100, and the range for this setting is 1 – 32,767. We can also change the replication interval, which is 180 minutes (3 hours) by default. This setting must be changed in 15-minute increments.

A site link bridge is an AD object that groups two or more site links in order to create a “virtual site link” between all of the sites specified by the grouped site links. By default, all site links are bridged. When you disable automatic site link bridging, it is disabled for all site links that use the selected protocol, either IP or SMTP.
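To show what the site link cost and the bridging setting from the two paragraphs above actually decide, here is an added Python example (not code from the original post). It checks a site link's cost and interval against the ranges the post gives (cost 1 – 32,767, default 100; interval in 15-minute steps, default 180), then computes the least-cost replication route between two sites. With bridging on, routes may pass transitively through intermediate sites; with bridging off, only sites that share a site link can replicate directly. The site names, links and costs are constructed.

```python
"""Least-cost intersite replication routes from site link costs.

Added example, not from the original post. Sites, links and costs are
constructed; the validation ranges are the ones the post states.
"""
import heapq

DEFAULT_COST = 100          # cost of a new site link
DEFAULT_INTERVAL_MIN = 180  # replication interval, 3 hours
COST_RANGE = (1, 32767)


def is_valid_site_link(cost=DEFAULT_COST, interval=DEFAULT_INTERVAL_MIN):
    """True when cost is in range and the interval is a positive multiple of 15 minutes."""
    in_range = COST_RANGE[0] <= cost <= COST_RANGE[1]
    return in_range and interval > 0 and interval % 15 == 0


def expand_links(site_links):
    """Site links -> adjacency {site: {neighbour: cost}}.

    Every pair of sites listed in one link is connected at that link's cost;
    when two links join the same pair, the cheaper one is kept.
    """
    graph = {}
    for name, (sites, cost) in site_links.items():
        if not is_valid_site_link(cost):
            raise ValueError(f"site link {name}: cost {cost} outside {COST_RANGE}")
        for a in sites:
            for b in sites:
                if a != b:
                    graph.setdefault(a, {})
                    graph[a][b] = min(cost, graph[a].get(b, cost))
    return graph


def least_cost_route(site_links, src, dst, bridged=True):
    """Return (total cost, [sites on the route]) or (None, []) if unreachable.

    bridged=True  -> all site links are bridged, so routes may be transitive.
    bridged=False -> only a site link that directly contains both sites counts.
    """
    graph = expand_links(site_links)
    if not bridged:
        if dst in graph.get(src, {}):
            return graph[src][dst], [src, dst]
        return None, []
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:                                   # plain Dijkstra over sites
        d, site = heapq.heappop(heap)
        if site == dst:
            break
        if d > dist.get(site, float("inf")):
            continue
        for nxt, cost in graph.get(site, {}).items():
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = nd, site
                heapq.heappush(heap, (nd, nxt))
    if dst not in dist:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


# Constructed topology: hub-and-spoke, an expensive backup link between the
# spokes, and a remote site reachable only through BranchB.
SITE_LINKS = {
    "HQ-BranchA": (["HQ", "BranchA"], 100),
    "HQ-BranchB": (["HQ", "BranchB"], 100),
    "BranchA-BranchB": (["BranchA", "BranchB"], 500),
    "BranchB-Remote": (["BranchB", "Remote"], 100),
}

if __name__ == "__main__":
    print("bridged:    ", least_cost_route(SITE_LINKS, "BranchA", "BranchB"))
    print("not bridged:", least_cost_route(SITE_LINKS, "BranchA", "BranchB", bridged=False))
    print("HQ->Remote, not bridged:", least_cost_route(SITE_LINKS, "HQ", "Remote", bridged=False))
```

With bridging on, BranchA reaches BranchB through HQ at cost 200 rather than over the direct 500-cost link; with bridging off it must use the direct link, and HQ cannot reach Remote at all because no single site link contains both. That is the effect to expect when automatic bridging is switched off for a transport.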

The domain controller that is designated for intersite replication in a site is called the bridgehead server. Specify the DC located closest to the router that connects the two sites.

